MacGuyUK Posted November 11, 2012 Share Posted November 11, 2012 I have a php script that emails a completed order form linked to the script and sends a coppy (cc) to the sender. It has worked for years, until last week - the hosting company now tells me I need to amend the script as it uses the sender's email address as the "from" address and the server now prevents emails with this format as it can contain a spoofed from address. This is the script: <?php $file = $_POST['file']; $company = $_POST['company']; $ordered = $_POST['ordered']; $email = $_POST['email']; $date = $_POST['date']; $po = $_POST['po']; $requirements = $_POST['requirements']; /*products*/ $Product1 = $_POST['Product1']; $Product2 = $_POST['Product2']; /*TOTAL*/ $total = $Product1 + $Product2; /*Sending Email*/ $to = $_POST['to']; $subject = "Orders by $company"; $message = " FILE = $file Company = $company Ordered = $ordered Email = $email Date = $date PO = $po Requirements = $requirements PRODUCTS ---------------------------------------------- Product1 = $Product1 Product2 = $Product2 ----------------------------------------------------------- TOTAL PRODUCTS ORDERED = $total"; $headers = "From: $email\r\n"; $headers .= "Cc: $email\r\n"; if(mail($to, $subject, $message, $headers) echo "<table width='700' border='0' align='center' cellpadding='5' cellspacing='0'> <tr> <td>Thank you for submitting your online <strong>Orders</strong>. A copy of the order has been sent to your email address. Please check all details are correct.<br /> <br /> </td> </tr> <tr> <td><hr width='100%' size='1' noshade='noshade' /></td> </tr> </table>"; else echo "Mail send failure - message not sent"; ?> This is what the hosts told me to do: It's bringing up an error at line if(mail($to, $subject, $message, $headers)) It seems the mail server doesn't like the way the from email field has been configured so If if you could re-code it so the from address is explicitly defined as a separate variable entirely. The information below might help: What needs to be included is; 1. A variable that tells the script where the email is being sent from; For example; $SendEmail ="[email protected]"; 2. Adding this variable onto the end of the mail() function. Below is a very basic php script demonstrating this: $nameField = $_POST['name']; $emailField = $_POST['email']; $SendEmail ="[email protected]"; $body = <<< EOD Name: $nameField Email: $emailField EOD; $headers = "From: $emailField\r\n"; $headers .= "Content-type: text/html\r\n"; $sucess = mail($webMaster, $emailSubject, $headers, $body, '-f'.$SendEmail); The important part here is the '-f'.$SendEmail at the end of the mail() function. The '-f' although not a php command is a sendmail parameter that is telling our mailserver the mail is being sent from the $SendEmail address and nowhere else. And this is how I amended the script: <?php $file = $_POST['file']; $SendEmail ="[email protected]"; $company = $_POST['company']; $ordered = $_POST['ordered']; $email = $_POST['email']; $date = $_POST['date']; $po = $_POST['po']; $requirements = $_POST['requirements']; /*products*/ $Product1 = $_POST['Product1']; $Product2 = $_POST['Product2']; /*TOTAL*/ $total = $Product1 + $Product2; /*Sending Email*/ $to = $_POST['to']; $SendEmail ="[email protected]"; $subject = "Orders by $company"; $message = " FILE = $file Company = $company Ordered = $ordered Email = $email Date = $date PO = $po Requirements = $requirements PRODUCTS ---------------------------------------------- Product1 = $Product1 Product2 = $Product2 ----------------------------------------------------------- TOTAL PRODUCTS ORDERED = $total"; $headers = "From: $email\r\n"; $headers .= "Cc: $email\r\n"; if(mail($to, $subject, $message, $headers, '-f'.$SendEmail)) echo "<table width='700' border='0' align='center' cellpadding='5' cellspacing='0'> <tr> <td>Thank you for submitting your online <strong>Orders</strong>. A copy of the order has been sent to your email address. Please check all details are correct.<br /> <br /> </td> </tr> <tr> <td><hr width='100%' size='1' noshade='noshade' /></td> </tr> </table>"; else echo "Mail send failure - message not sent"; ?> But still no result. I have now spent days trying variations on this, all without success. I get a confirmation page, but no emails are sent. Any suggestions would be much appreciated. Thank you Link to comment https://forums.phpfreaks.com/topic/270559-amend-php-script-to-comply-with-hosts-new-security-settings/ Share on other sites More sharing options...
jcbones Posted November 11, 2012 Share Posted November 11, 2012 Does the email address in the $SendEmail variable reside on their mail server? Most host will not send the mail if you do not use a valid email address that is on their server. Link to comment https://forums.phpfreaks.com/topic/270559-amend-php-script-to-comply-with-hosts-new-security-settings/#findComment-1391747 Share on other sites More sharing options...
DavidAM Posted November 12, 2012 Share Posted November 12, 2012 You should also change this to your server's email address: $headers = "From: $email\r\n"; You can add a Reply-To header so you can reply to the visitor $headers = "From: $SendEmail\r\n"; $headers = "Reply-To: $email\r\n"; $headers .= "Cc: $email\r\n"; Link to comment https://forums.phpfreaks.com/topic/270559-amend-php-script-to-comply-with-hosts-new-security-settings/#findComment-1391759 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.